
Re: Little Help with Privilege Escalation Please

Originally Posted by Sys7emR00t

You said there were shell codes to launch a root shell?

When did I say that? The only place I can find in this thread where I even mentioned shellcode is in post 4 responding to the OP who was talking about seeing mostly shellcode in the local exploits he saw. In that post I only meant that IF the OP was actually looking at privilege escalation exploits that contained shellcode, there should be more to it than JUST shellcode.

The majority of Linux privilege escalation exploits I have seen have not used shellcode at all...

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

Re: Little Help with Privilege Escalation Please

Originally Posted by lupin

Most privilege escalation exploits are run from a shell and they then give that shell root privileges. Some work slightly differently, but for the most part that's what happens. So you just need shell access on the system, then you transfer the privilege escalation exploit there and run it, and if it works your shell should end up with root privilege.

Re: Little Help with Privilege Escalation Please

The exploit is always going to be a program, never just raw shellcode. The shellcode is merely a string of pure machine code that performs a certain task (usually opens a shell, but can open calc.exe or anything).

With a privilege escalation exploit, you're going to download the exploit code, compile it, and then just ./exploit, and it'll either work or it won't.

Re: Little Help with Privilege Escalation Please

Originally Posted by falseteeth

The exploit is always going to be a program, never just raw shellcode. The shellcode is merely a string of pure machine code that performs a certain task (usually opens a shell, but can open calc.exe or anything).

With a privilege escalation exploit, you're going to download the exploit code, compile it, and then just ./exploit, and it'll either work or it won't.

This is what I'm looking for. I figured raw shellcode didn't make sense. Problem is, with a limited account one may not be able to download a compiler. Any easy way to compile C from the command line or something?

Re: Little Help with Privilege Escalation Please

The exploits listed are like the simplest exploits to run on exploit-db. You just compile and run them. You can use gcc. It takes 2 mins at the most. If the exploit doesn't work then you don't have the vulnerable services that the exploit takes advantage of.

Re: Little Help with Privilege Escalation Please

Originally Posted by Sys7emR00t

This is what I'm looking for. I figured raw shellcode didn't make sense. Problem is, with a limited account one may not be able to download a compiler. Any easy way to compile C from the command line or something?

If the target system doesn't have a compiler already installed (such as gcc, which is run from the command line btw) you can try compiling the exploit elsewhere and transferring it over in binary form. You need to make sure you compile the binary for the same architecture and platform as the target system though, so it's generally better to compile on the target itself if a compiler is available.

Last edited by lupin; 01-28-2011 at 01:09 PM.

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
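
Added example, not part of the original thread: the "same architecture and platform" requirement mentioned above can be read straight from a binary's ELF header, which is also how an unexpected binary found on a host can be triaged. The function names, the small `MACHINES` table and the sample headers are constructed for illustration, and the 32-bit x86 compatibility rule is an assumption about a typical x86_64 Linux kernel.

```python
import struct

# e_machine values from the ELF specification (subset).
MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64", 243: "riscv"}
# e_type values from the ELF specification.
TYPES = {1: "relocatable", 2: "executable", 3: "shared/PIE", 4: "core"}


def parse_elf_ident(data: bytes) -> dict:
    """Return word size, byte order, type and machine from an ELF header."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("corrupt e_ident")
    # e_type and e_machine follow the 16-byte e_ident, in the file's byte order.
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown({e_machine})"),
    }


def runs_natively(header: dict, host_machine: str, host_bits: int) -> bool:
    """True if the binary targets the host's CPU and word size.
    Assumption: an x86_64 kernel also accepts 32-bit x86 binaries."""
    if header["type"] not in ("executable", "shared/PIE"):
        return False
    if header["machine"] == host_machine and header["bits"] == host_bits:
        return True
    return host_machine == "x86_64" and header["machine"] == "x86"


def make_header(ei_class, ei_data, e_type, e_machine) -> bytes:
    """Build a constructed 20-byte header prefix used as sample input."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    order = "<" if ei_data == 1 else ">"
    return ident + struct.pack(order + "HH", e_type, e_machine)


if __name__ == "__main__":
    # Constructed samples: an x86_64 PIE and a 32-bit ARM executable.
    for raw in (make_header(2, 1, 3, 62), make_header(1, 1, 2, 40)):
        h = parse_elf_ident(raw)
        print(h, "-> runs on x86_64 host:", runs_natively(h, "x86_64", 64))
```

The header only covers CPU, word size and byte order; a binary that passes this check can still fail on a host with a different libc or kernel version.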